Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2007-3010

Disclosure Date: September 18, 2007 •

CVE-2007-3010 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by gwillcox-r7 and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

Description

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: April 16, 2022 6:17pm UTC (2 years ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2022/04/15/cisa-adds-nine-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:19am UTC (3 months ago)

References

Canonical

CVE-2007-3010 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3010)

BID-25694 (http://www.securityfocus.com/bid/25694)

Advisory

ADV-2007-3185 (http://www.vupen.com/english/advisories/2007/3185)

http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm

SECUNIA-26853 (http://secunia.com/advisories/26853)

20070917 Alcatel-Lucent OmniPCX Remote Command Execution (http://marc.info?l=full-disclosure&m=119002152126755&w=2)

OSVDB-40521 (http://osvdb.org/40521)

20070917 Alcatel-Lucent OmniPCX Remote Command Execution (http://www.securityfocus.com/archive/1/479699/100/0/threaded)

XF-alcatel-unified-mastercgi-command-execution(36632) (https://exchange.xforce.ibmcloud.com/vulnerabilities/36632)

Miscellaneous

http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php

Rapid7

Unknown

CVE-2007-3010

Unknown

Unknown

None

None

Network

CVE-2007-3010

Description